MS RPC ALG on SRX firewalls

If you have spent a lot of time with SRX firewalls, you probably know that the MS-RPC ALG can cause problems with Active Directory connections. One simple workaround is to turn off the MS-RPC ALG, but some people don't know what the MS-RPC ALG actually does in the firewall. In this short post I will show some commands that involve MS-RPC.

First of all, the MS-RPC ALG checks the UUID. This magic string identifies the type of remote procedure (the RPC interface). In Junos the UUID is defined in an application, for example:
set groups junos-defaults applications application junos-ms-rpc-msexchange-info-store term t1 uuid a4f1db00-ca47-1067-b31f-00dd010662da
You can find the list of UUIDs in the Juniper KB. Applications are then referenced in security policies.
You can use the fwdd console to show the MS-RPC map table, which records the endpoint (vsys, IP, port, protocol) the ALG has learned for each UUID, for example:
root@fw% vty fwdd

FLOWD_OCTEON(fw vty)# show usp algs ms-rpc map-table
MS RPC service mapping - hashed by (vsys, ip, port, prot)
Bkt     Vsys    IP              Port    Prot    UUID
51      0       172.21.3.20     1468    TCP     a4f1db00-ca47-1067-b31f-00dd010662da
59      0       10.22.4.147     1250    TCP     a4f1db00-ca47-1067-b31f-00dd010662da
65      0       172.21.3.20     1347    TCP     f5cc5a18-4264-101a-8c59-08002b2f8426
121     0       172.21.3.21     20754   TCP     a4f1db00-ca47-1067-b31f-00dd010662da
127     0       172.21.3.20     1251    TCP     1544f5e0-613c-11d1-93df-00c04fd7bd09
173     0       172.21.2.141    1026    TCP     12345678-1234-abcd-ef00-01234567cffb
173     0       172.21.2.141    1026    TCP     e3514235-4b06-11d1-ab04-00c04fc2dcd2
173     0       172.21.2.142    1025    TCP     e3514235-4b06-11d1-ab04-00c04fc2dcd2
173     0       172.21.2.141    1026    TCP     12345678-1234-abcd-ef00-01234567cffb
175     0       172.21.2.142    1026    TCP     12345678-1234-abcd-ef00-01234567cffb
175     0       172.21.2.142    1026    TCP     12345678-1234-abcd-ef00-01234567cffb
175     0       172.21.2.142    1026    TCP     e3514235-4b06-11d1-ab04-00c04fc2dcd2
219     0       10.128.20.12    49155   TCP     12345778-1234-abcd-ef00-0123456789ab
227     0       172.21.2.41     1025    TCP     e3514235-4b06-11d1-ab04-00c04fc2dcd2
227     0       172.21.2.41     1025    TCP     12345678-1234-abcd-ef00-01234567cffb
227     0       172.21.2.41     1025    TCP     e3514235-4b06-11d1-ab04-00c04fc2dcd2
231     0       172.21.2.42     1026    TCP     e3514235-4b06-11d1-ab04-00c04fc2dcd2
231     0       172.21.2.42     1026    TCP     e3514235-4b06-11d1-ab04-00c04fc2dcd2
231     0       172.21.2.42     1026    TCP     e3514235-4b06-11d1-ab04-00c04fc2dcd2
19 record(s)
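As an added example (not from the post and not Juniper's code), here is a small Python script that parses a map-table excerpt in the format above and joins it against the UUIDs of the application definitions, so you can see which dynamic endpoints the ALG has learned per application. The junos-defaults line and the UUIDs are taken from the post; the two custom application names (my-ms-rpc-*) and the map-table excerpt are constructed for the example.

```python
import re

# Constructed sample config: one junos-defaults line from the post plus two
# custom applications (assumed names, same "term ... uuid" syntax).
CONFIG = """
set groups junos-defaults applications application junos-ms-rpc-msexchange-info-store term t1 uuid a4f1db00-ca47-1067-b31f-00dd010662da
set applications application my-ms-rpc-drsuapi term t1 uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2
set applications application my-ms-rpc-netlogon term t1 uuid 12345678-1234-abcd-ef00-01234567cffb
"""

# Constructed excerpt of "show usp algs ms-rpc map-table" output in the post's format.
MAP_TABLE = """
MS RPC service mapping - hashed by (vsys, ip, port, prot)
Bkt     Vsys    IP              Port    Prot    UUID
51      0       172.21.3.20     1468    TCP     a4f1db00-ca47-1067-b31f-00dd010662da
173     0       172.21.2.141    1026    TCP     12345678-1234-abcd-ef00-01234567cffb
173     0       172.21.2.141    1026    TCP     e3514235-4b06-11d1-ab04-00c04fc2dcd2
219     0       10.128.20.12    49155   TCP     12345778-1234-abcd-ef00-0123456789ab
231     0       172.21.2.42     1026    TCP     e3514235-4b06-11d1-ab04-00c04fc2dcd2
231     0       172.21.2.42     1026    TCP     e3514235-4b06-11d1-ab04-00c04fc2dcd2
6 record(s)
"""

UUID_RE = r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"
APP_RE = re.compile(r"application (\S+) term \S+ uuid (" + UUID_RE + ")")
ROW_RE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\S+)\s+(\d+)\s+(TCP|UDP)\s+(" + UUID_RE + r")\s*$")

def parse_applications(config):
    """Map UUID -> application name from 'set ... application ... uuid' lines."""
    return {uuid: name for name, uuid in APP_RE.findall(config)}

def parse_map_table(output):
    """Return the set of (vsys, ip, port, prot, uuid) entries; repeated rows collapse."""
    entries = set()
    for line in output.splitlines():
        m = ROW_RE.match(line)
        if m:
            _bkt, vsys, ip, port, prot, uuid = m.groups()
            entries.add((int(vsys), ip, int(port), prot, uuid))
    return entries

def endpoints_by_application(config, output):
    """Group learned endpoints by application; UUIDs with no application land under 'unknown:<uuid>'."""
    apps = parse_applications(config)
    grouped = {}
    for _vsys, ip, port, prot, uuid in parse_map_table(output):
        grouped.setdefault(apps.get(uuid, "unknown:" + uuid), set()).add((ip, port, prot))
    return grouped
```

An "unknown:" group means the ALG has learned an endpoint for a UUID that no application in your configuration names, which is a good place to start when an AD session is being dropped.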
Last but not least, you can check whether the ALG is enabled:
root@fw> show security alg status | match MSRPC
  MSRPC    : Enabled
This is only a small part of the information about ALGs, but I hope this post makes you more curious about SRX internals. :)
